Previous: vnc_sec_certificate_pw, Up: vnc_security
The GNU TLS packages provides a command called certtool
which can
be used to generate certificates and keys in PEM format. At a minimum it
is neccessary to setup a certificate authority, and issue certificates to
each server. If using certificates for authentication, then each client
will also need to be issued a certificate. The recommendation is for the
server to keep its certificates in either /etc/pki/qemu
or for
unprivileged users in $HOME/.pki/qemu
.